Shazzer logo

    Entities allowed before slashes on a protocol relative URL

    Safari logo 4
    Firefox logo 4
    Chrome logo 4

    You can place whitespace before slashes, this vector finds out what entities you can place before them.

    Created by: hackvertor

    Created on: Saturday, July 6, 2024 at 12:12:14 PM

    Updated on: Wednesday, November 20, 2024 at 8:36:44 PM

    Vector type: JS

    Vector charset: UTF-8

    Code used before fuzz:
    const div = document.createElement('div')
    Template used:
    div.innerHTML='<a href="$[data1]//example.com">';
if(div.querySelector('a').host === 'example.com') {
   log('$[data1]');
}
    Your browser was detected as:
    Detecting... Detecting... Detecting... Detecting...

    Sample payloads

    div.innerHTML='<a href="&bsol;//example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&bsol;');
}
    div.innerHTML='<a href="&NewLine;//example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&NewLine;');
}
    div.innerHTML='<a href="&sol;//example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&sol;');
}
    div.innerHTML='<a href="&Tab;//example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&Tab;');
}

    Fuzz results

    Safari logo
    Safari 17.5 mobile iOS 17.5.1

    Updated

    Sat Jul 06 2024
    Found 4 results
    Loading...
    Firefox logo
    Firefox 127.0 desktop macOS 10.15

    Updated

    Sat Jul 06 2024
    Found 4 results
    Loading...
    Chrome logo
    Chrome 130.0.0.0 desktop macOS 10.15.7

    Updated

    Mon Oct 28 2024
    Found 4 results
    Loading...